Analysis

  • max time kernel
    838s
  • max time network
    842s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 02:50

General

  • Target

    Loader.exe

  • Size

    153KB

  • MD5

    90c2376b554b824f28fbcf6e9e0b137e

  • SHA1

    9965f3794cff1862c3ca8ea12827ffe6df95fc76

  • SHA256

    f5649bbbd339edac2cf043380eeb51017e2a04a02572997589398f4de33398fb

  • SHA512

    9ee6f92b0f1fa7f7ab832907944bd10294727ddc1393ad5d5ec135e12e1f153a9e67d8b7281959ba2784cca606108bab3695888f7c6dedd968ce1862f64257e8

  • SSDEEP

    3072:nGtHEJC8sRzs/1ylG6hUU1d7VuT/V5JChv35NFm4mgwGXjMpgB8W:n0HEKqdylVhUUv58nJCnlMpgB8

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Users\Admin\AppData\Local\Temp\Loader.exe
      "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2368

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Loader.exe

          Filesize

          66KB

          MD5

          1a3959b63e3eb9af02124e0d7f733949

          SHA1

          6f73329c35ac9667963bffa0ac1511f9f7a29e74

          SHA256

          03104c440956db679388d1ad46f1bcc2ebc83f13d06ee78aeb6b438aabd4d65e

          SHA512

          034d55e8f7c06166868d4e859e9980378f3e7b71b00b3ac8a92197e835acedd7177b19a1293f094224dddb1c207d61543fcba9e878ff3dadbb2ba6ee361eaca8

        • C:\Users\Admin\AppData\Local\Temp\Loader.exe

          Filesize

          63KB

          MD5

          5409ebdefb923a6503ab4bd94246bfce

          SHA1

          ecdbaf3955ad5c012bc5dad408853cf9c0c37d14

          SHA256

          c187c97cd26955d8db0bf1d6eac9d41fe25178317762053f48087b8ccafd5430

          SHA512

          07f4481d7d3f31bc5ddc7609d941d043eec7f4875f30ee3a5e779ffb897ce75b1fd36c35d496f9951882b55f4f59e70bad200cce1b9937df15f1a3c084f752ae

        • \Users\Admin\AppData\Local\Temp\Loader.exe

          Filesize

          125KB

          MD5

          d33c633e92a3a18f24838876485273ab

          SHA1

          5727d3a37ddd23c78aedd13b035269c5f0af0d8c

          SHA256

          d314c9f0b40db6bda59abf855683a60fcb99d7c3f25d48ebef485f2ee0a8e917

          SHA512

          a344b3d50d2191508643482690be6e2577ec3d2b7f9758ce9ddee0b4cc31b76941b894a2670c1e8713a46b3f00940677a46f035040b1e717d29057ead80f4e6e

        • memory/2408-6-0x000000013FD80000-0x000000013FDAB000-memory.dmp

          Filesize

          172KB